New Firefox malware attempts to steal passwords

Browser malware has generally targeted IE in the past, since it's the biggest target and doesn't exactly have a good reputation for security. That's one of the main reasons why Firefox has become as big as it has, with a worldwide market share around the 20% mark. That increase in usage has also made it become a bigger target, and now a new piece of malware has been identified that specifically targets Firefox.

The malware, called ChromeInject, holes up as an add-on in Firefox and identifies when you are visiting certain financial sites, like PayPal, to harvests usernames and password for those sites. Afterwards those logins get sent off to a remote server, where they are no doubt used to drain or transfer funds from people's accounts. Users still must visit a malicious or compromised site to become infected by this trojan, and security products are already being updated to detect it. One of the easiest steps to prevent infection is just to make sure any add-ons you install come from an official source, like Mozilla's repositories.

Even if the odds of infection are low, seeing harmful software written specifically for Firefox does demonstrate that it is now becoming large enough for people, including people with bad intentions, to take notice of it.